Web Application Security

Is your website hackable?

Check with Acunetix Web Vulnerability Scanner

As many as 70% of websites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases and also allow hackers to perform illegal activities using the compromised site.

Firewalls, SSL and Hardened Networks are Futile against Web Application Hacking! Web application attacks, launched on port 80/443, go straight through the firewall, past the operating system and network level security, and right into the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested, have undiscovered vulnerabilities and are therefore easy prey for hackers. Find out if your website is secure before hackers download sensitive data, launch criminal activity from your website and endanger your business. Acunetix Vulnerability Scanner automatically crawls and scans off-the-shelf and custom-built websites and web applications for SQL Injection, XSS, XXE, SSRF, Host Header Attacks & over 500 other web vulnerabilities.

Crawl & ScanWhat you can’t crawl you can’t scan. Acunetix can crawl complex web application architectures including JavaScript-heavy HTML5 Single Page Applications while being able to scan restricted areas automatically, with ease.

Detect & AlertWith vulnerability detection, it’s accuracy that counts. Acunetix detects over 500 types of web app vulnerabilities alerting according to severity, but its ability to scan accurately, guaranteeing low false positives, is what places it above the rest.

Report & RemediateA wide variety of reports help developers and business owners alike to quickly identify a web application’s threat surface, detect what needs to be fixed, and ensure conformance with several compliance standards.

Acunetix - The Technology Leader in Web Application Security: Acunetix are the pioneers in Automated Web Application Security Testing with an engineering lead in website structure analysis and vulnerability detection. The Acunetix innovative technologies include

Acunetix Vulnerability Scanner rigorously tests for hundreds of web application vulnerabilities including SQL Injection and Cross-site Scripting. SQL Injection is one of the oldest and most prevalent of software bugs; it allows attackers to modify SQL queries in order to gain access to data in the database. Cross-Site scripting attacks allow attackers to execute malicious scripts inside your visitors’ browser; possibly leading to impersonation of that user. Acunetix is the industry leader in detecting the largest variety of SQL Injection and XSS vulnerabilities, including Out-of-band SQL Injection and DOM-based XSS.

AcuSensor Technology Guarantees Low False Positives

Acunetix includes unique AcuSensor Technology that analyzes code as it gets executed, resulting in higher detection rate, and importantly elimination of false positives. Furthermore, AcuSensor technology is able to indicate where the vulnerability is in the code and report debug information. AcuSensor not only finds more vulnerabilities, but will save valuable time for your security and development teams.

Test Authenticated Web Applications with Login Sequence Recorder

Testing authenticated areas of your web applications is absolutely crucial to ensure full testing coverage. Acunetix Vulnerability Scanner can automatically test authenticated areas by recording a Login Sequence using the Login Sequence Recorder. The Login Sequence Recorder makes it quick and easy to record a series of actions the scanner can re-play to authenticate to a page. The Login Sequence Recorder can also record a series of Restrictions; making it trivial to granularly limit the scope of a scan in a few clicks.

DeepScan Technology Scans Most Content

A fundamental process during any scan is the scanner’s ability to properly crawl an application, no matter what web technology it’s written in. Acunetix Vulnerability Scanner features DeepScan Technology; an HTML5 crawling and scanning engine that fully replicates user interaction inside of a browser by executing and analyzing JavaScript. DeepScan allows accurate crawling of AJAX-heavy client-side Single Page Applications (SPAs) that leverage technologies such as AngularJS, EmberJS and Google Web Toolkit. It can understand and interact with complex web technologies such as: AJAX, SOAP/ WDSL, SOAP/WCF, WADL, XML, JSON, Google Web Toolkit (GWT) and CRUD operations. In addition, DeepScan has been further optimized to analyze websites and web applications developed in Ruby on Rails and Java Frameworks including Java Server Faces (JSF), Spring and Struts.

In order to keep track of the vulnerabilities detected in your web applications, Acunetix Vulnerability Scanner includes extensive reports to help manage escalation and remediation of vulnerabilities while assisting in task prioritization. It also includes a range of Compliance and Classification reports including: PCI DSS; OWASP Top 10; ISO 27001; NIST Special Publication 800-53 (for FISMA); HIPAA; Sarbanes-Oxley; Mitre CWE/ SANS Top 25 Most Dangerous Software Errors, among others.

WordPress Vulnerability Scanning

Acunetix Vulnerability Scanner identifies WordPress installations, and will launch security tests for over 1200 popular WordPress plugins, as well as several other vulnerability tests for WordPress core vulnerabilities. In addition, Acunetix Vulnerability Scanner will also conduct other WordPress-specific configuration tests such as weak WordPress admin passwords, WordPress username enumeration, wp-config.php backup files, malware disguised as plugins and old versions of plugins.

· Schedule Scans with Ease - Schedule scans to run at a given time, or setup recurring scans based on a customized schedule, set-up custom Excluded Hours templates to pause scans during specific hours.

· Business Logic Testing with Selenium IDE - Support for crawling and scanning complex Business Logic-driven applications through consumption of Selenium IDE test cases.

· Auto-configuration of Web Application Firewalls

Available as a Hosted or On Premise Solution

Acunetix Vulnerability Scanner is available Online/Hosted or On Premise. The Online version can be licensed per year for any number of scan targets. The On Premise version is available as an Enterprise Edition to allow for scanning of an unlimited number of company owned websites and a Consultant Edition which allows you to use Acunetix WVS to perform penetration tests for third parties. Both editions can optionally scan up to 10 websites simultaneously.

About Acunetix

Acunetix was founded in 2004 to combat the alarming rise in web attacks and today is a market leader in web application security technology. Its flagship product, Acunetix Vulnerability Scanner, is designed to replicate a hacker's methodology to find dangerous vulnerabilities like SQL injection and Cross-Site Scripting, before hackers do.